First Last Prev Next    This bug is not in your last search results.
Bug 19295 - Provides bad crypt()-function
Provides bad crypt()-function
Status: CLOSED RAWHIDE
Product: Red Hat Linux
Classification: Retired
Component: openssl (Show other bugs)
7.0
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Nalin Dahyabhai
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2000-10-17 21:08 EDT by Enrico Scholz
Modified: 2008-05-01 11:37 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2000-10-18 08:16:08 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

  None (edit)
Description Enrico Scholz 2000-10-17 21:08:05 EDT 
libcrypto.0.9.5a contains a crypt()  function providing only the simple DES
encrypting. But libcrypt.so (part of glibc) allows MD5 encryption
supporting larger passwords.

E.g. compiling
------- test.cc ------
#define _XOPEN_SOURCE
#include <unistd.h>
#include <iostream>

int main() {
        std::cout << crypt("ABC", "$1$abcdef$") << std::endl;
}
-------

both with -lcrypt and -lcrypto is giving different output:

# g++ /tmp/crypt.cc -lcrypt && ./a.out 
$1$abcdef$huJsPyysqd.RqgtSA1ccS.

# g++ /tmp/crypt.cc -lcrypto && ./a.out 
$1EA5T9lIorRY



So you can loss the capability to use large passwd's if OpenSSL is linked
to the program (I have seen it with cvs-1.11).

Reason seems to lie in crypto/des/fcrypt.c where crypt() is nested in a
complicated #if-#else clause. Perhaps it's fixed in OpenSSL-0.9.6 but I
have no opportunity to test it now.
Comment 1 Nalin Dahyabhai 2000-10-24 16:28:49 EDT 
This will be fixed in openssl-0.9.5a-19 in Raw Hide.  Thanks!
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.